Cloud Security Report Includes Tips for AWS Users

Cloud security is a bit of a mess in many organizations, according to a new report from AlienVault, which provided tips specifically for Amazon Web Services Inc. (AWS) users to help alleviate the situation.

AlienVault, which says it provides Unified Security Management and threat intelligence services, last week issued a report based on a survey it conducted during the RSA 2017 security conference in February. There, the company polled 974 attendees about cloud security and Internet of Things (IoT) monitoring, concluding that "cloud security remains a thorn in the side of security professionals, with many still struggling to monitor this environment effectively."

"Perhaps the most startling survey statistic is that one third of show attendees describe the state of security monitoring within their organization as 'complex and chaotic,'" the company said in a news release about the report. "Likely a significant factor in this outcome, survey results reveal a major disconnect between respondents' beliefs and their actions when it comes to cloud security and IoT."

Other highlights of the report listed by the company include:

39 percent of respondents use more than 10 different cloud services within their organization, and an additional 21 percent don't know how many cloud applications are being used.

42 percent of respondents are less confident in their ability to detect threats in the cloud versus on-premises, yet 47 percent would rather monitor a cloud environment than an on-premises network.

62 percent state that they are worried about IoT devices in their environment, yet 45 percent believe IoT benefits outweigh the risks. Frighteningly, 43 percent of respondents say their company does not monitor IoT network traffic at all, and an additional 20 percent aren't even sure of the answer.

Included in the report were the following tips specifically targeting AWS users:

Lock down root account credentials. Root accounts are the crown jewels of your cloud environment and are frequently targeted. Where possible, delete the default admin account, create a separate account for users, and enable multi-factor authentication.

Use security groups. Providers like AWS offer security groups that should be used to limit access to administrative services such as SSH, RDP and so on.

AWS CloudTrail is a critical resource for monitoring an AWS environment. While it contains a high level of detail, not all tools can present the data in a meaningful way.

Utilize IAM roles and temporary credentials to eliminate the need for applications to use credentials to make API requests.

Scanning for vulnerabilities in cloud environments typically can't be undertaken with your on-premises scanner. Many providers have a list of approved scanners, and you may need to request permission first.

Activate VPC Flow Logs. VPC Flow Logs allow you to record information about the network traffic going through your VPCs. You can create VPC Flow Logs from a network interface, a subnet, or the VPC itself. The VPC Flow Logs can be used to detect suspicious traffic, check for Indicators of Compromise (IOCs), and help during an incident response or a forensic analysis after an incident.
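
To make the last tip concrete, here is an added example (not code from the report or from AlienVault) that parses VPC Flow Logs records in the default version 2 format and flags accepted SSH/RDP connections from outside an admin network, plus any flow touching an IOC address. The admin range, the IOC list and the sample records are constructed assumptions for illustration.

```python
import ipaddress

# Default (version 2) VPC Flow Logs record layout, space separated.
FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()

ADMIN_PORTS = {22: "ssh", 3389: "rdp"}
# Assumptions for this example: the admin network and IOC list are made up.
ADMIN_NETS = [ipaddress.ip_network("10.0.0.0/8")]
IOC_ADDRS = {"203.0.113.66"}

# Constructed sample records (documentation address ranges, fake account id).
SAMPLE = """\
2 123456789012 eni-0a1b2c3d 10.0.1.5 10.0.2.9 49152 22 6 20 4249 1489000000 1489000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d 198.51.100.7 10.0.2.9 51000 22 6 12 3100 1489000000 1489000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d 198.51.100.7 10.0.2.9 51001 3389 6 3 180 1489000000 1489000060 REJECT OK
2 123456789012 eni-0a1b2c3d 10.0.2.9 203.0.113.66 44321 443 6 40 9000 1489000060 1489000120 ACCEPT OK
2 123456789012 eni-0a1b2c3d - - - - - - - 1489000120 1489000180 - NODATA
"""

def parse(line):
    """Return a dict for one record, or None for malformed/NODATA/SKIPDATA lines."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        return None
    rec = dict(zip(FIELDS, parts))
    if rec["log_status"] != "OK":
        return None  # NODATA and SKIPDATA records carry "-" in the traffic fields
    rec["srcport"], rec["dstport"] = int(rec["srcport"]), int(rec["dstport"])
    return rec

def findings(text):
    """Yield (reason, record) for flows worth an analyst's attention."""
    for line in text.splitlines():
        rec = parse(line)
        if rec is None:
            continue
        if IOC_ADDRS & {rec["srcaddr"], rec["dstaddr"]}:
            yield "ioc-match", rec
        src = ipaddress.ip_address(rec["srcaddr"])
        name = ADMIN_PORTS.get(rec["dstport"])
        if name and rec["action"] == "ACCEPT" and not any(src in n for n in ADMIN_NETS):
            yield f"external-{name}-accepted", rec

if __name__ == "__main__":
    for reason, rec in findings(SAMPLE):
        print(reason, rec["srcaddr"], "->", rec["dstaddr"], rec["dstport"])
```

An accepted SSH or RDP flow from an outside address also indicates that a security group is wider than the earlier tip recommends.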

"As more and more organizations of all sizes are moving applications and workloads to the public cloud, it is critical to understand the security challenges of the cloud in general, and AWS in particular," Blasco said. "IT environments are increasingly hybrid in nature, with many organizations maintaining some on-premises infrastructure as well as cloud infrastructure, using one or more cloud providers. It is critical to leverage security solutions that can monitor both cloud and on-premises environments."

Blasco said his blog post was the first of a series that will detail best practices for securing AWS accounts and infrastructure.